| #!/usr/bin/env python3 | |
| import os | |
| import requests | |
| import json | |
# The API key is pulled from the process environment rather than being written
# into the script; an absent or empty variable aborts the run immediately with a
# clear message instead of failing later on an unauthenticated request.
# NOTE: API_KEY is a credential -- keep it out of log lines and error output.
API_KEY = os.environ.get("ANTHROPIC_API_KEY")
if API_KEY is None or API_KEY == "":
    raise ValueError("Please set the ANTHROPIC_API_KEY environment variable.")
| # Walk current function and print its disassembly | |
| import ida_funcs | |
| import ida_kernwin | |
| import idautils | |
| import ida_lines | |
| import idc | |
| def print_func_disasm(ea=None): | |
| """ | |
| Walks from the beginning to the end of the function containing `ea` |
| kernel32;LoadLibraryW;1 | |
| kernel32;LoadLibraryA;1 | |
| kernel32;GetProcAddress;2 | |
| advapi32;RegQueryValueW;3 | |
| advapi32;RegOpenKeyExW;5 | |
| advapi32;RegQueryValueExW;6 | |
| kernel32;CreateFileW;6 | |
| kernel32;VirtualProtect;4 | |
| wininet;InternetCrackUrlA;4 | |
| wininet;InternetOpenA;5 |
| import base64 | |
| import hashlib | |
| import zlib | |
| from ctypes import ( | |
| CDLL, | |
| POINTER, | |
| LittleEndianStructure, | |
| c_size_t, | |
| c_ubyte, | |
| c_uint64, |
| #!/usr/bin/env python3 | |
| import malduck | |
| import sys | |
| import argparse | |
| def main(): | |
| parser = argparse.ArgumentParser(description="APLib unpacker") | |
| parser.add_argument('--inpath', dest="inpath", default=None, help="APLib compressed blob", | |
| required=True) |
| #include <windows.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "ntdll.lib") | |
| #define SystemBigPoolInformation 0x42 | |
| #define ThreadNameInformation 0x26 | |
| #define DATA_TO_COPY "AAAAAAAAAAAAABBBBBBBBBBBBBBBCCCCCCCCCCCCCCCDDDDDDDDDDDDDDD" |
| HANDLE find_thread(HANDLE hProcess, DWORD thAccess, bool guiOnly) | |
| { | |
| DWORD targetPid = GetProcessId(hProcess); | |
| HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); | |
| THREADENTRY32 thEntry = { sizeof(THREADENTRY32) }; | |
| GUITHREADINFO gui = { 0 }; | |
| gui.cbSize = sizeof(GUITHREADINFO); | |
| bool isGUIProcess = false; |
| package main | |
| import ( | |
| "fmt" | |
| "syscall" | |
| "unsafe" | |
| ) | |
| var ( | |
| peSieveDll = syscall.NewLazyDLL("pe-sieve64.dll") |
| #include <iostream> | |
| #include <Windows.h> | |
| #pragma comment(lib,"LZ32.lib") | |
| bool decompress(LPSTR infile, LPSTR outfile) | |
| { | |
| INT hin, hout = 0; | |
| OFSTRUCT ofin = { 0 }; | |
| OFSTRUCT ofout = { 0 }; |
| #!/usr/bin/env python3 | |
| import sys, os, subprocess | |
| import pefile | |
| from pathlib import Path | |
| def mal_unp_res_to_str(returncode): | |
| if returncode == (-1): | |
| return "ERROR" | |
| if returncode == 0: |